Export to JSON in canonical form

Question

Export to JSON in canonical form

0

To use JSON in cryptographic situations, it should be represented in an exactly reproducible format, i.e. canonical form.

Can the Export to XML/JSON always create this canonical form. Functional there is no difference with the current export, but then it can be used in digital signing.

An alternative is to do this in Java, but why do this unnecessary extra step if it is available in the export activity.

asked 2020-03-31

Rob Dekkers

4 answers

Rob Dekkers · Answer 1 · 2020-04-01

It could always export in canonical form; the current output criteria is not described anyway.

I did not analyse the ordering closely, but I cannot see a correlation between form and domain model ordering. Beware that keys of attributes and associations can be redefined in the message definition and thus have impact on ordering.

We solved it with extra customized Java coding, because the JSON framework Mendix is using, does not contain canonical form out-of-the-box.

Joost Verhoog · Answer 2 · 2020-04-01

I see. If the export mapping had an option to create the canonical form it would reorder the entries in lexicographical ordering.

Alternatively, you could use a JSON structure that is in lexicographical ordering. That would result in the output being in that order as well, right?

Rob Dekkers · Answer 3 · 2020-03-31

In short according to IETF the canonical form is defined by the following rules:

The document MUST be encoded in UTF-8 [UTF-8]

Non-significant(1) whitespace characters MUST NOT be used

Non-significant(1) line endings MUST NOT be used

Entries (set of name/value pairs) in JSON objects MUST be sorted lexicographically(2) by their names

Arrays MUST preserve their initial ordering

Lexicographical ordening is missing.

Joost Verhoog · Answer 4 · 2020-03-31

In what way(s) is the current result of an export to json not in canonical form?